AWS Cost
Bob had just arrived in the office for his first day of work as the newly hired chief technical officer when he was called into a conference room by the president, Martha, who immediately introduced him to the head of accounting, Amanda. They exchanged pleasantries, and then Martha got right down to business:
“Bob, we have several teams here developing software applications on Amazon and our bill is very high. We think it’s unnecessarily high, and we’d like you to look into it and bring it under control.”
Martha placed a screenshot of the Amazon Web Services (AWS) billing report on the table and pointed to it.
“This is a problem for us: We don’t know what we’re spending this money on, and we need to see more detail.”
Amanda chimed in, “Bob, look, we have financial dimensions that we use for reporting purposes, and I can provide you with some guidance regarding some information we’d really like to see such that the reports that are ultimately produced mirror these dimensions — if you can do this, it would really help us internally.”
“Bob, we can’t stress how important this is right now. These projects are becoming very expensive for our business,” Martha reiterated.
“How many projects do we have?” Bob inquired.
“We have four projects in total: two in the aviation division and two in the energy division. If it matters, the aviation division has 75 developers and the energy division has 25 developers,” the CEO responded.
Bob understood the problem and responded, “I’ll see what I can do and have some ideas. I might not be able to give you retrospective insight, but going forward, we should be able to get a better idea of what’s going on and start to bring the cost down.”
The meeting ended with Bob heading to find his desk. Cost allocation tags should help us, he thought to himself as he looked for someone who might know where his office is.
Introduction to Cost Allocation Tags
In this fictitious story, Bob needs to figure out where these expenses are coming from so that he can start to work on lowering the cost. The AWS cost explorer, while helpful, on its own is simply not enough in this case. Bob needs more detail, and that’s where cost allocation tags (CATs) can be helpful. There are other tools in AWS that can assist Bob with this task, and we’ll mention those in brief detail later in this article.
In general, tags have some characteristics which we should be aware of (and if I missed something, please add your comment):
- Tags can help demonstrate relationships between resources.
- Tags are metadata about your resource, and these simple key-value pairs can be added to just about any resource in AWS.
- Tags are ideally a single key and a single value, as opposed to a single key and multiple values.
- Tags are limited to 50 per resource.
- Tags can have rules enforced on them, which helps to ensure consistency and also meet compliance requirements.
- Some tags are also generated automatically by AWS (aws:createdBy, for example); these tags are immutable.
- In addition to cost allocation, tags can be used for automation, operations, and access, as well as security risk management.
- As it pertains to CATs, tags can be useful for identifying cost center, business unit, department, project, product, geographic area, or purpose, for the purposes of financial reporting.
- Tags appear in reports only from the time the tag is created; there is no backdating.
In the next section, we’ll look at the AWS billing dashboard, where we can activate a tag, and also at a report that’s filtered by that tag.
Cost Allocation Tags in the Billing Dashboard
In this section, we’re going to look at the AWS billing dashboard, which is available to account holders and which has two items of interest: the cost explorer and cost allocation tags. We can see both in the next image.
In the image below, an inactive cost allocation tag will be activated and then a refresh request will be executed. The comment in the image mentions tagging an S3 bucket — we can tag any resource in AWS.
The following image demonstrates how we can filter by tag in the Cost Explorer of the AWS Cost Management web UI.
If we filter by the costCenter tag with the value 12345, we can see below which costs are associated with this specific key and value.
In the next section, we’ll go over three examples pertaining to how resources, such as an EC2 instance, in this case, can be tagged with two tags via the web interface, via the command line (CLI), and programmatically.
Tagging Examples (UI, CLI, Code)
In this section, we will review three examples of how CATs can be applied to an AWS EC2 instance on creation. We will cover tagging via the web user interface (UI), via the AWS command line, and finally, we will demonstrate how an EC2 instance is tagged at creation time using Node.js.
Tagging an EC2 instance via the web user interface (UI)
Creating an EC2 instance via the AWS web interface is easy enough. We can see below that we can add tags in step five.
We’ve skipped ahead in this example, and below you can see step five, where we’ve assigned costCenter and department key-value pairs (KVPs) to this instance.
Once the instance has been launched, we can see that the tags we’ve assigned above are assigned to the instance itself.
Tagging an EC2 instance via the command line interface (CLI)
This example is fairly straightforward. The steps not included here involve setting up the profile, which requires creating a user and assigning the appropriate permissions, as well as creating the VPC.
We also need to create a profile in the /Users/[user]/.aws/credentials file, which includes the aws_access_key_id and aws_secret_access_key with AWS-provided values. This is necessary for both the example below and the programmatic example which follows.
The following script will create a t2.micro instance in the us-east-1 region and deploy it in the subnet-0969b587cc72969d2 subnet. Most importantly for this example, the EC2 instance will be tagged with the costCenter and department KVPs.
```
aws ec2 run-instances \
  --image-id ami-02354e95b39ca8dec \
  --count 1 \
  --instance-type t2.micro \
  --region us-east-1 \
  --profile thospfuller-aws-cli \
  --subnet-id subnet-0969b587cc72969d2 \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=costCenter,Value=45678},{Key=department,Value=Energy}]'
```
The aforementioned subnet value can be found under the VPC Subnets option as shown in the image below.
In the following image, we can see the costCenter and department tags appear on the EC2 instance.
This brings us to the last example that we’ll cover here, which is to programmatically launch an EC2 instance that’s been tagged with the appropriate KVPs.
Tagging an EC2 instance programmatically
Similar to the previous example, this example is fairly straightforward. The steps not included here involve setting up the profile, which requires creating a user and assigning the appropriate permissions, as well as creating the VPC.
We also need to create a profile in the /Users/[user]/.aws/credentials file, which includes the aws_access_key_id and aws_secret_access_key with AWS-provided values.
The following will create a t2.micro instance in the us-east-1 region, deploy it in the subnet-0969b587cc72969d2 subnet, and, most importantly for this example, tag it with the costCenter and department KVPs.
Line #49 of the gist has the costCenter and department KVPs. Note that the gist below can be found on GitHub and the file is also available in the following repository.
```javascript
/**
 * Precondition:
 *
 * - npm install aws-sdk
 */
const AWS = require('aws-sdk');

// Load credentials from the named profile in the shared credentials file
// and log every SDK call to the console.
AWS.config["credentials"] = new AWS.SharedIniFileCredentials({profile: 'thospfuller-aws-cli'});
AWS.config["logger"] = console;

/**
 * See also: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/ec2-example-creating-an-instance.html
 *
 * aws ec2 run-instances
 *   --image-id ami-02354e95b39ca8dec
 *   --count 1
 *   --instance-type t2.micro
 *   --region us-east-1
 *   --profile thospfuller-aws-cli
 *   --subnet-id subnet-0969b587cc72969d2
 *   --tag-specifications 'ResourceType=instance,Tags=[{Key=costCenter,Value=45678},{Key=department,Value=Energy}]'
 */
AWS.config.update({region: 'us-east-1'});

// Amazon Linux 2 AMI (HVM), SSD Volume Type - ami-02354e95b39ca8dec (64-bit x86) / ami-0c5bf07e510b75b11 (64-bit Arm)
const instanceParams = {
  ImageId: 'ami-02354e95b39ca8dec',
  InstanceType: 't2.micro',
  SubnetId: 'subnet-0969b587cc72969d2',
  MinCount: 1,
  MaxCount: 1
};

const instancePromise = new AWS.EC2({apiVersion: '2016-11-15'}).runInstances(instanceParams).promise();

instancePromise.then(
  function(data) {
    console.log("Data: ", data);
    const instanceId = data.Instances[0].InstanceId;
    console.log("Created instance with id: ", instanceId);

    // Tag the new instance in a second API call, once its id is known.
    const tagParams = {
      Resources: [instanceId],
      Tags: [
        {
          Key: 'costCenter',
          Value: '45678'
        }, {
          Key: 'department',
          Value: 'Energy'
        },
      ]
    };

    const tagPromise = new AWS.EC2({apiVersion: '2016-11-15'}).createTags(tagParams).promise();

    tagPromise.then(
      function(data) {
        console.log("Instance created successfully.");
      }).catch(
      function(err) {
        // The instance already exists at this point; only the tagging call failed.
        console.error("Unable to tag the EC2 instance.", err, err.stack);
      });
  }).catch(
  function(err) {
    console.error("The request to create an EC2 instance was rejected.", err, err.stack);
  });

// Logged immediately: the requests above are asynchronous and may still be in flight.
console.log("...done!");
```
In the following image, we can see the output when the script is executed, along with a pointer to the costCenter and department tags. Note the instance id is just above the red arrow pointer which points to the tags.
In the following image, we can see the instance id as the EC2 instance is starting.
Finally, we can see the costCenter and department tag keys and values in the image below.
In the next section, we will discuss AWS Organizations, AWS Config, and how these services can help a business achieve tag compliance.
Compliance
Two choices are available to businesses that are relying on CATs to ensure consistent application and format of tags assigned to resources: AWS Organizations and AWS Config. Since one can easily learn about these directly from the source, we only provide a brief description that will help the reader see the differences:
AWS Organizations: AWS Organizations is for account management and can consolidate multiple AWS accounts under one organization that is managed centrally; the AWS Organizations service also helps with budgeting, security, and compliance.
AWS Config: AWS Config is also a service that helps the user with assessing, auditing, evaluating, securing, and troubleshooting the configuration of AWS-specific resources. If your business is not using AWS Organizations, then AWS Config can act as an alternative for managing tags; see also Tagging Your AWS Config Resources.
Without auditing and enforcement, the business will easily end up with a mess, so it’s important not just to use the tools available to better understand where the money is going but also to ensure that all resources are created with the appropriate tags in the appropriate format. Keep in mind that engineers have to apply these changes, and without enforcement and compliance, they simply won’t do it, or won’t do it consistently and correctly [7].
In our fictitious story, not only will Bob want to take advantage of CATs, but he’ll also benefit from utilizing either AWS Organizations or AWS Config, especially seeing as he’s in charge of overseeing two divisions with 100 software engineers and support staff.
It is beyond the scope of this article to demonstrate how these two services work; however, we may delve into this in detail in a future article.
Strategies When Using Cost Allocation Tags
So far we’ve introduced tags and cost allocation tags, demonstrated how tags can be added to a resource such as an EC2 instance, and reviewed how compliance measures can be put in place to ensure that the tag keys and values adhere to an expected format.
The last piece of the puzzle that we’ll discuss in this article involves tag strategies. It is not enough to allow engineers and managers to add tags with known values to AWS resources they’re using. In fact, in an organization the size of the one that Bob runs, this would be exactly what you’d want to avoid because the business has multiple divisions and many software engineers and support staff. In this case, a tagging strategy needs to be developed with input from the people managing these divisions, with the CTO at the top ensuring that tags are uniform across the business and that there is a minimum set of tags defined, along with optional tags which are applied to every taggable resource in use across the business.
Lastly, when it comes to cost allocation tags (CATs) specifically, our CTO Bob will want to ensure that both a minimum set of required and optional tags are defined and that appropriate key-value pairs are married with financial reporting dimensions, which will be provided to us by, in this story, the head of accounting, Amanda.
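One way to check a minimum set of required and optional tags against an inventory, as an added example that is not part of the original article. The policy (keys, patterns, allowed values) and the sample resources are assumptions modelled on the costCenter and department tags and the two divisions in the story.

```javascript
// Added example: audit resource tags against a required-tag policy.
// POLICY and SAMPLE are constructed for illustration; they are assumptions
// modelled on the article's costCenter/department tags, not an AWS schema.
const POLICY = {
  costCenter: { required: true, pattern: /^\d{5}$/ },
  department: { required: true, allowed: ['Aviation', 'Energy'] },
  project: { required: false, pattern: /^[a-z0-9-]{3,32}$/ },
};
const MAX_TAGS = 50; // per-resource limit stated in the article

const isAwsKey = (key) => key.toLowerCase().startsWith('aws:');

// Return the list of policy findings for one resource's {key: value} tags.
function auditTags(tags, policy = POLICY) {
  const findings = [];
  // AWS-generated tags are immutable, so only user-defined keys are audited.
  const userKeys = Object.keys(tags).filter((k) => !isAwsKey(k));
  if (userKeys.length > MAX_TAGS) findings.push(`too many tags (${userKeys.length})`);
  const canonicalByLower = new Map(Object.keys(policy).map((k) => [k.toLowerCase(), k]));
  for (const key of userKeys) {
    // Tag keys are case-sensitive: "CostCenter" is a different tag and will
    // not be reported under the activated "costCenter" cost allocation tag.
    const canonical = canonicalByLower.get(key.toLowerCase());
    if (canonical && canonical !== key) findings.push(`key "${key}" should be "${canonical}"`);
  }
  for (const [key, rule] of Object.entries(policy)) {
    const value = tags[key];
    if (value === undefined) {
      if (rule.required) findings.push(`missing required tag "${key}"`);
    } else if (rule.pattern && !rule.pattern.test(value)) {
      findings.push(`bad format for "${key}": "${value}"`);
    } else if (rule.allowed && !rule.allowed.includes(value)) {
      findings.push(`value "${value}" not allowed for "${key}"`);
    }
  }
  return findings;
}

// Audit an inventory and return only the non-compliant resources.
function auditInventory(resources, policy = POLICY) {
  return resources
    .map((r) => ({ id: r.id, findings: auditTags(r.tags, policy) }))
    .filter((r) => r.findings.length > 0);
}

// Constructed sample inventory (ids and values are made up for illustration).
const SAMPLE = [
  { id: 'i-example-1', tags: { costCenter: '45678', department: 'Energy' } },
  { id: 'i-example-2', tags: { CostCenter: '45678', department: 'Energy' } },
  { id: 'i-example-3', tags: { costCenter: '4567', department: 'energy', 'aws:createdBy': 'IAMUser:example' } },
  { id: 'vol-example-4', tags: {} },
];

if (typeof require !== 'undefined' && require.main === module) {
  for (const r of auditInventory(SAMPLE)) console.log(r.id, r.findings);
}
```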
Conclusion
In this article, we introduced cost allocation tags, demonstrated how they work, and reviewed two services, AWS Organizations and AWS Config, which can be used to achieve tag compliance across all AWS resources. These are not the only tools at Bob’s disposal for getting the cost of AWS usage in the business under control. In fact, the addition of any of the following should prove to be helpful as well:
- Third-party cost optimization software
- Continuous improvement strategy [15, 16, 17, 18]
- Developing a performance-optimized architecture [13]
We concluded the article with a basic discussion of tagging strategies, which are very important and which need to be given business-wide attention when defining a set of required and optional tags for use across the business and for cost allocation purposes.
Our budding CTO Bob will be off to a good start implementing tag strategies in the business, but what would you do? Let me know in the comments, right after you finish taking the quiz below.
Quiz
You thought you were done, didn’t you?
That’s right, get out a blank piece of paper and a pen because I’ve included a pop quiz. If you don’t have paper and a pen available, place your answers in the comments section for discussion.
- Find three other resources that can be tagged. (This is easy.)
- What resources cannot be tagged? (This is harder, see [10], and don’t assume it’s correct or complete.)
- Developing a cost-optimized architecture is one of the five pillars of a [fill in the blank]. (Hint: “AWS [followed by three words].”) [8]
- Name the other four pillars from 2. without looking at notes.
- What is the difference between AWS Organizations and AWS Config?
- In our fictitious story above, what would be the more appropriate service (AWS Organizations, AWS Config, or both) for the business Bob works for? Why?
- Can a business use both AWS Organizations and AWS Config?
- What other pillar complements the cost-optimized pillar? (There’s a specific pillar with a very specific reason.)
Recommended Reading
Tagging Best Practices: Implement an Effective AWS Resource Tagging Strategy
How to reduce your AWS costs? Save up to $500k with these guidelines!
Best Practices for Organizational Units with AWS Organizations
Managing AWS Organizations accounts using AWS Config and AWS CloudFormation StackSets
Translated from: https://medium.com/better-programming/aws-cost-allocation-tags-and-cost-reduction-8a0e46e39e75